* Issue 931: Support Client Credentials Flow * Move client-credentials to use --oidc-auth-request-extra-params * Missed a file in moving to --oidc-auth-request-extra-params * Support --oidc-use-access-token * make generate --------- Co-authored-by: Hidetake Iwata <int128@gmail.com>
package cmd
import (
"testing"
"time"
"github.com/google/go-cmp/cmp"
"github.com/int128/kubelogin/pkg/oidc/client"
"github.com/int128/kubelogin/pkg/usecases/authentication"
"github.com/int128/kubelogin/pkg/usecases/authentication/authcode"
"github.com/int128/kubelogin/pkg/usecases/authentication/ropc"
"github.com/spf13/pflag"
)
// Test_authenticationOptions_grantOptionSet feeds each argument list through a
// fresh pflag.FlagSet populated by authenticationOptions.addFlags and verifies
// that grantOptionSet returns exactly the expected authentication.GrantOptionSet.
//
// The credentials used below ("USER", "PASS") are placeholder test values.
//
// NOTE(review): every case in this table expects success (any error fails the
// subtest), so rejection of an unknown --grant-type value or of a malformed
// --oidc-auth-request-extra-params entry is not exercised here.
func Test_authenticationOptions_grantOptionSet(t *testing.T) {
	cases := map[string]struct {
		args []string
		want authentication.GrantOptionSet
	}{
		// Without any flag the browser-based authorization code option is
		// expected, filled with the package defaults.
		"NoFlag": {
			want: authentication.GrantOptionSet{
				AuthCodeBrowserOption: &authcode.BrowserOption{
					BindAddress:           defaultListenAddress,
					AuthenticationTimeout: defaultAuthenticationTimeoutSec * time.Second,
				},
			},
		},
		// --username/--password are supplied together with an explicit
		// authcode grant; the expected set carries only the browser option,
		// so the credentials must not show up in the result.
		"FullOptions": {
			args: []string{
				"--grant-type", "authcode",
				"--listen-address", "127.0.0.1:10080",
				"--listen-address", "127.0.0.1:20080",
				"--skip-open-browser",
				"--browser-command", "firefox",
				"--authentication-timeout-sec", "10",
				"--local-server-cert", "/path/to/local-server-cert",
				"--local-server-key", "/path/to/local-server-key",
				"--open-url-after-authentication", "https://example.com/success.html",
				"--oidc-redirect-url-hostname", "example",
				"--oidc-auth-request-extra-params", "ttl=86400",
				"--oidc-auth-request-extra-params", "reauth=true",
				"--username", "USER",
				"--password", "PASS",
			},
			want: authentication.GrantOptionSet{
				AuthCodeBrowserOption: &authcode.BrowserOption{
					BindAddress:                []string{"127.0.0.1:10080", "127.0.0.1:20080"},
					SkipOpenBrowser:            true,
					BrowserCommand:             "firefox",
					AuthenticationTimeout:      10 * time.Second,
					LocalServerCertFile:        "/path/to/local-server-cert",
					LocalServerKeyFile:         "/path/to/local-server-key",
					OpenURLAfterAuthentication: "https://example.com/success.html",
					RedirectURLHostname:        "example",
					AuthRequestExtraParams:     map[string]string{"ttl": "86400", "reauth": "true"},
				},
			},
		},
		"GrantType=authcode-keyboard": {
			args: []string{"--grant-type", "authcode-keyboard"},
			want: authentication.GrantOptionSet{
				AuthCodeKeyboardOption: &authcode.KeyboardOption{},
			},
		},
		// The redirect URL flag is accepted by the parser but is not set in
		// the expected KeyboardOption; only the extra params are carried over.
		"GrantType=authcode-keyboard with full options": {
			args: []string{
				"--grant-type", "authcode-keyboard",
				"--oidc-redirect-url-authcode-keyboard", "http://localhost",
				"--oidc-auth-request-extra-params", "ttl=86400",
				"--oidc-auth-request-extra-params", "reauth=true",
			},
			want: authentication.GrantOptionSet{
				AuthCodeKeyboardOption: &authcode.KeyboardOption{
					AuthRequestExtraParams: map[string]string{"ttl": "86400", "reauth": "true"},
				},
			},
		},
		// The listen addresses are given but the expected set holds only the
		// resource owner password credentials option.
		"GrantType=password": {
			args: []string{
				"--grant-type", "password",
				"--listen-address", "127.0.0.1:10080",
				"--listen-address", "127.0.0.1:20080",
				"--username", "USER",
				"--password", "PASS",
			},
			want: authentication.GrantOptionSet{
				ROPCOption: &ropc.Option{
					Username: "USER",
					Password: "PASS",
				},
			},
		},
		// Each extra param is expected as a single-element value list in
		// EndpointParams.
		// NOTE(review): presumably these are forwarded verbatim on the token
		// request; confirm in pkg/oidc/client.
		"GrantType=client-credentials": {
			args: []string{
				"--grant-type", "client-credentials",
				"--oidc-auth-request-extra-params", "audience=https://example.com/service1",
				"--oidc-auth-request-extra-params", "jti=myUUID",
			},
			want: authentication.GrantOptionSet{
				ClientCredentialsOption: &client.GetTokenByClientCredentialsInput{
					EndpointParams: map[string][]string{
						"audience": {"https://example.com/service1"},
						"jti":      {"myUUID"},
					},
				},
			},
		},
		// No --grant-type is passed; with a username and password present the
		// expected result is the ROPC option.
		"GrantType=auto": {
			args: []string{
				"--listen-address", "127.0.0.1:10080",
				"--listen-address", "127.0.0.1:20080",
				"--username", "USER",
				"--password", "PASS",
			},
			want: authentication.GrantOptionSet{
				ROPCOption: &ropc.Option{
					Username: "USER",
					Password: "PASS",
				},
			},
		},
	}

	for name, tc := range cases {
		t.Run(name, func(t *testing.T) {
			// A fresh option struct and flag set per case keeps repeated
			// flags from one case out of the next.
			opts := authenticationOptions{}
			fs := pflag.NewFlagSet("", pflag.ContinueOnError)
			opts.addFlags(fs)

			parseErr := fs.Parse(tc.args)
			if parseErr != nil {
				t.Fatalf("Parse error: %s", parseErr)
			}

			got, err := opts.grantOptionSet()
			if err != nil {
				t.Fatalf("grantOptionSet error: %s", err)
			}

			diff := cmp.Diff(tc.want, got)
			if diff == "" {
				return
			}
			t.Errorf("mismatch (-want +got):\n%s", diff)
		})
	}
}